The use of personal communication devices in every aspect of our daily lives has increase dramatically over recent years. With the proliferation of personal communication devices, it has become more and more important to protect the critical data stored within the device. For example, the use of a PIN has been implemented with personal communication devices to control access to the device. However, it is possible that one may guess the PIN if given an unlimited number of time and attempts to enter a PIN. Thus, in addition to the use of a PIN, it is useful to limit the number of attempts to enter a PIN.
In order to limit the number of attempts to access the device, it is necessary to use some type of counter in the personal communication device itself. The counter utilizes “state” information related to the critical data used by the device. Similar counters have been used in the area of digital rights management (DRM) for controlling the consumption of data content. For example, a third party might want to prevent a user of a personal communication device from playing a song more than 10 times. The right to play the song 10 times is delivered as an electronic voucher that specifies a 10-use restriction by implementing a counter. However, if a user can reset the counter after each use, the song can be played indefinitely without having to pay the owner of the data for each use. Thus, in the area of DRM various methods of cryptography have been used to protect the critical state information.
Cryptography involves the encoding or encrypting of digital data to render them incomprehensible by all but the intended recipients. In other words, the data is encrypted and the decryption key is delivered to those terminals or users that have paid to consume the data content. To this end, cryptographic systems can be used to preserve the privacy and integrity of the data by preventing the use and alteration of data by unauthorized parties. In addition to encryption, also authentication of the origin of the data is used in order to make sure that e.g., that only a party who has the right key can generate the right signature or message authentication code (MAC).
For example, a plaintext message consisting of digitized sounds, letters and/or numbers can be encoded numerically and then encrypted using a complex mathematical algorithm that transforms the encoded message based on a given set of numbers or digits, also known as a cipher key. The cipher key is a sequence of data bits that may either be randomly chosen or have special mathematical properties, depending on the algorithm or cryptosystem used. Sophisticated cryptographic algorithms implemented on computers can transform and manipulate numbers that are hundreds or thousands of bits in length and can resist any known method of unauthorized decryption. There are two basic classes of cryptographic algorithms: symmetric key algorithms and asymmetric key algorithms.
Symmetric key algorithms use an identical cipher key for both encrypting by the sender of the communication and decrypting by the receiver of the communication. Symmetric key cryptosystems are built on the mutual trust of the two parties sharing the cipher key to use the cryptosystem to protect against distrusted third parties. A well-known symmetric key algorithm is the National Data Encryption Standard (DES) algorithm first published by the National Institute of Standards and Technology. See Federal Register, Mar. 17, 1975, Vol. 40, No. 52 and Aug. 1, 1975, Vol. 40, No. 149. The sending cryptographic device uses the DES algorithm to encrypt the message when loaded with the cipher key (a DES cipher key is 56 bits long) for that session of communication (the session key). The recipient cryptographic device uses an inverse of the DES algorithm to decrypt the encrypted message when loaded with the same cipher key as was used for encryption.
Asymmetric key algorithms use different cipher keys for encrypting and decrypting. In a cryptosystem using an asymmetric key algorithm, the user makes the encryption key public and keeps the decryption key private, and it is not feasible to derive the private decryption key from the public encryption key. Thus, anyone who knows the public key of a particular user could encrypt a message to that user, whereas only the user who is the owner of the private key corresponding to that public key could decrypt the message. This public/private key system was first proposed in Diffie and Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, November 1976, and in U.S. Pat. No. 4,200,770 (Hellman et al.), both of which are hereby incorporated by reference.
The Cryptographic systems noted above have been used to protect state information in a personal communication device by securely storing the state information in a couple of ways. First, by writing a snapshot to the state information and computing its “checksum,” e.g., by using a one-way hash function. The result is stored within a tamper-resistant memory location of the device. Therefore, if someone tries to change the state information, the checksum of the result will not match the checksum value stored within the personal device. Second, by using a monotonic, persistent counter within the device. Every time there is a state change, the state information is stored along with the current counter value encrypted using a device key. Thus, no one can change the encrypted state information without the key.
However, both of these prior art methods require a small amount of read-write, tamper-resistant storage within the device itself. This might not always be feasible because of the expense of read-write storage.
Therefore, it is desirable to provide a system, method and computer program product that provides a trusted counter for protecting access to a personal communication device using a read-write, external tamper-resistant storage device. The system, method and computer program product of the present invention disclosed herein address this need.